[CONC-197] mysql_stmt_fetch_column function will coredump if bind[0].length ptr is NULL. Created: 2016-08-11  Updated: 2016-10-17  Resolved: 2016-08-18

Status: Closed
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: 2.3.0, 2.3.1
Fix Version/s: 3.0.1, 2.3.2

Type: Bug Priority: Major
Reporter: shuianle Assignee: Georg Richter
Resolution: Fixed Votes: 0
Labels: None


 Description   

The mysql_stmt_fetch_column function has the following code:

    if (bind[0].length)
      *bind[0].length= stmt->bind[column].length_value;
    else
      *bind[0].length= *stmt->bind[column].length;

If the bind[0].length ptr is NULL, the else branch will core dump.

The right code may be:

    if (bind[0].length)
      *bind[0].length= *stmt->bind[column].length;
    else
      bind[0].length= &stmt->bind[column].length_value;
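
A minimal model of the two branches above, as an added example that is not Connector/C code and not part of the original report. `struct bind_model`, the function names and the 11-byte sample column are constructed for illustration, and the NULL check on the source pointer is an extra guard assumed here.

```c
#include <stddef.h>

/* Constructed stand-in for the two fields named in the report;
   this is not the real MYSQL_BIND definition. */
struct bind_model {
    unsigned long *length;       /* caller-supplied pointer, may be NULL */
    unsigned long  length_value; /* storage inside the bind itself */
};

/* Original branch: the else arm is reached only when out->length is
   NULL, and it then writes through that pointer. Returns 1 when that
   write would hit NULL, instead of performing it. */
int original_would_deref_null(const struct bind_model *out)
{
    return out->length == NULL;
}

/* Branch as proposed in the report. The NULL check on src->length is
   an extra guard added for this example. Returns 0 on success. */
int fetch_length_proposed(struct bind_model *out, struct bind_model *src)
{
    if (out->length) {
        if (src->length == NULL)
            return -1;
        *out->length = *src->length;      /* copy into caller storage */
    } else {
        /* out->length now aliases src's storage, so it is only valid
           while src (the statement's bind) is alive. */
        out->length = &src->length_value;
    }
    return 0;
}

/* Run one fetch against a constructed 11-byte column and return the
   length the caller ends up seeing, or 0 on failure. */
unsigned long length_seen(int caller_supplies_length)
{
    struct bind_model src = { NULL, 11 };
    unsigned long caller_len = 0;
    struct bind_model out = { caller_supplies_length ? &caller_len : NULL, 0 };

    src.length = &src.length_value;       /* assumed library setup */
    if (fetch_length_proposed(&out, &src) != 0)
        return 0;
    return *out.length;
}
```

Calling `length_seen(0)` exercises the path the report describes, where the caller leaves the length pointer NULL.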



 Comments   
Comment by Georg Richter [ 2016-08-18 ]

Fixed in

C/C 2.3.2: rev 84e0f5c7596b4742cf2853ca705433c35ba63e55
C/C 3.0.1: rev 6c0ae00fbbe7e1eeb4b47526399ae9ccdbb58d7e
